According to the Cloud Security Alliance’s recent report on The Non-Human Identity Governance Vacuum, non-human identities now outnumber human ones by roughly 45 to 1. These identities include API keys, tokens, and service accounts that continue to multiply unchecked across cloud environments. The rapid adoption of software-as-a-service (SaaS) and cloud services has served as the root accelerant of the sprawl of non-human identities. Legacy identity tools were designed to function in environments populated by human users, not the machines that currently dominate organizations.
A Startup Built for the Blind Spot
Entro Security, founded in 2022 by CEO Itzik Alvas and CTO Adam Shriki, is an agentic AI and non-human identity security platform built to centralize relevant information on non-human identities in a unified place for security teams. The technology allows security teams to automate non-human identity management with inventory, context, and real-time threat detection and response.
Since its founding, the company has gained traction in the industry and obtained high-profile customers, including Booking.com, SolarWinds, Elastic, and KAYAK, helping to establish a name for Entro. The trajectory of the company’s funding has progressed from an initial $6 million seed round to a later $18 million Series A round, led by Dell Technologies Capital and also featuring participation by Hyperwise Ventures and StageOne Ventures.
The Incumbent's Incomplete Empire
Identity security leader SailPoint has held a dominant position in human identity governance and administration, building up a reputation since its founding in 2005. Software investor Thoma Bravo’s $6.9 billion buyout of SailPoint in 2022 has fueled an aggressive acquisition strategy in the intervening years.
The 2025 acquisition of Savvy Security helped to expand SailPoint’s capacities in SaaS visibility and shadow IT governance, exposing a significant gap in SaaS and machine identity coverage that the company has since tried to remedy. There has been a mounting pressure in recent years to close the divide between human and non-human identity security as SaaS, cloud, and AI tools and agents continue to grow more ubiquitous in enterprise environments.
The $200 Million Resolution
In an effort to address this issue, SailPoint has announced an agreement to acquire Entro Security. Not much has been disclosed about the precise financial terms of the deal between the two companies, but the transaction is valued at around $200 million.
Entro’s teams, consisting of dozens of employees, will be folded into SailPoint’s development operations after the acquisition is completed. The integration of Entro’s capabilities will combine with the previously acquired technology of Savvy Security to create a single unified platform for comprehensive identity security. This deal is a strategic bet on SailPoint’s part that machine identity management is the next major frontier in identity security.
A Market Racing to Consolidate
SailPoint’s acquisition of Entro Security is not the only such move in the industry by a leading company attempting to close the security gap between human and non-human identities. Oasis Security and Astrix Security are two direct competitors in the same space, and Cisco’s acquisition of Astrix serves to underline the industry-wide recognition of the category’s urgency. The consolidation of non-human identity security through acquisitions across multiple industry-leading players helps to validate the momentum of the market.
What Comes Next for the Machine Identity Race
The future of machine identity management and security lies in the continuing motion of the market, the way organizations respond to ongoing and emerging challenges, and the evolution of the regulatory landscape. The increasing adoption of agentic AI is poised to accelerate the imbalance between human and non-human identities even further in the coming years.
The growing audit, compliance, and visibility pressure on enterprise security teams is also going to shape how organizations approach the issue of machine identity sprawl and imbalance going forward. Questions remain about whether acquisitions like this one can singlehandedly close the remaining gaps between human and non-human identity security. The next security perimeter isn’t human at all, and it is crucial that organizations are equipped to establish comprehensive visibility and governance measures to manage non-human identities.
